On Wed, Mar 11, 2015, Tejaswini wrote:

> When MD5 (or any non FIPS compliant) algorithm is used in FIPS mode, OpenSSL
> gives the following error and the application aborts.
>
> fips_md.c(146): OpenSSL internal error, assertion failed: Digest update
> previous FIPS forbidden algorithm error ignored
> Aborted (core dumped)
>
> In our application we want to handle this error and gracefully exit by
> logging an appropriate error message.
> For which, we are looking out for an OpenSSL API or mechanism which can say
> whether the algorithm is FIPS compliant or not.
> And would not like to have a hard coded algorithm list to check if it's FIPS
> compliant or not.
>
> Can anyone help me out on this?
>

You get an error code from EVP_DigestInit* if you attempt to use a non-FIPS
algorithm in FIPS mode. You only get the above condition if you ignore that
initial error.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org